by r0t,der4444,cembo,VietMafia

Thursday, November 17, 2005

class-1 Poll Software Multiple SQL Injection Vulnerabilities.


Author: r0t (hackers.by.lv)
Date: 17 Nov. 2005
Software: class-1 Poll Software (v 0.4)
Vendor: http://www.class1web.co.uk/
Affected: v 0.4 and prior

Description:
Input passed to the "pollid" and "previouspoll" parameters in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


Examples:

/poll/index.php?mode=results&previouspoll=1&pollid='
/poll/index.php?mode=results&previouspoll=1'
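
A defender's check for the two parameters named above, as an added example that is not part of the original advisory: it scans web access log lines for requests to index.php whose "pollid" or "previouspoll" value is not a plain integer. That these parameters carry numeric IDs, the Common Log Format input, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory; assumed here to carry numeric poll IDs.
NUMERIC_PARAMS = ("pollid", "previouspoll")
# Request line inside a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return {param: value} for poll parameters that are not plain integers."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return {}
    url = urlsplit(m.group(1))
    if not url.path.endswith("/index.php"):
        return {}
    bad = {}
    # parse_qsl URL-decodes values, so %27 and a literal quote are treated alike.
    # Empty values are kept and flagged too, since an ID should never be blank.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() in NUMERIC_PARAMS and not re.fullmatch(r"\d{1,10}", value):
            bad[name] = value
    return bad

def scan(lines):
    """Return (line_number, client_ip, findings) for each flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        found = suspicious_params(line)
        if found:
            hits.append((n, line.split(" ", 1)[0], found))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Nov/2005:17:01:02 +0000] "GET /poll/index.php?mode=results&previouspoll=1&pollid=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Nov/2005:17:02:11 +0000] "GET /poll/index.php?mode=results&previouspoll=1&pollid=%27 HTTP/1.1" 200 312',
    '198.51.100.7 - - [17/Nov/2005:17:02:15 +0000] "GET /poll/index.php?mode=results&previouspoll=1\' HTTP/1.1" 200 298',
    '203.0.113.5 - - [17/Nov/2005:17:03:40 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for lineno, ip, found in scan(SAMPLE_LOG):
        print(f"line {lineno}: {ip} sent non-numeric {found}")
```

The same integer-only rule can be applied as input validation in front of the application, alongside bound query parameters in the code itself.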

4 Comments:

Anonymous Anonymous told...

What happened to the forum?
cembo

5:05 PM

 
Anonymous Anonymous told...

under attack.

5:16 PM

 
Anonymous Anonymous told...

Idiocy... there are other ways to show envy... first legal problems, now illegal ones. Bullshit.

5:20 PM

 
Anonymous Anonymous told...

Presumably the forum will be back tomorrow at the latest.

r0t

5:46 PM

 

Copyright (c) 2006 Pridels Sec Crew